Creating a Login Overlay
page 3 of 6
by Scott Mitchell
Average Rating: 
Views (Total / Last 10 Days): 54901/ 75

Using ASP.NET's AuthenticationService Feature

When the login user interface is displayed and the user has entered her credentials and clicked the "Log In" button, we need to send the credentials to the server to determine whether they are valid. If they are, then we need to sign the user into the site. How you validate a user's credentials and how you sign them into the site depends on what techniques you are using to support user accounts. For most ASP.NET sites, developers use forms authentication and Membership.

With forms authentication, an authenticated user is identified by means of an authentication ticket, which is typically stored as a cookie on the user's browser. This authentication ticket is created when the user signs into the site; on subsequent visits, the browser includes the ticket in its request to the website, which is what allows the website to identify the visitor.

Membership is an API in the .NET Framework for managing user accounts. The Membership API uses the provider model and can be used to store credentials in a SQL Server database or Active Directory, among other user stores. The Membership class in the .NET Framework includes a ValidateUser method that accepts a username and password as input parameters and returns a Boolean value indicating whether the supplied credentials were valid.

Regardless of how you support user accounts, for the login overlay to work we need to be able to send the username and password entered by the user to the server to have those credentials validated and the user signed in. One option is to write your own server-side service, which you could do using an ASP.NET page, ASP.NET MVC actions, a generic HTTP Handler, or as an ASMX or WCF service. See my article, Accessing Server-Side Data from Client Script for more information on this topic.

Another option is to take advantage of ASP.NET's AuthenticationService feature, which was added to ASP.NET 3.5. The AuthenticationService feature offers client-side scripts and a server-side service for accessing the forms authentication and Membership systems. To use this functionality you must first enable it. Listing 6 shows the configuration to add to Web.config to turn on the AuthenticationService feature.

Listing 6 - Enable the AuthenticationService functionality for your website.



                <authenticationService enabled="true" />

The server-side AuthenticationService service offers three methods: IsLoggedIn, Login, and Logout.

·         The IsLoggedIn method returns the value of the Request.IsAuthenticated property, which is a Boolean value that indicates whether the request is from an authenticated user.

·         The Login method accepts three input parameters: the username, password, and whether to create a persistent cookie. This method calls the Membership.ValidateUser method, passing in the supplied username and password. If the credentials are valid then the FormsAuthentication.SetAuthCookie method is called, which creates the forms authentication ticket and stores it in the browser's cookies collection.

·         The Logout method calls the FormsAuthentication.SignOut method, which instructs the browser to remove its authentication ticket cookie, effectively logging the user out of the site.

When enabled, the server-side AuthenticationService service is exposed via the URL Authentication_JSON_AppService.axd. That is, you can invoke the IsLoggedIn, Login, and Logout server-side methods from client script by making a properly-formatted HTTP request to While you can certainly write your own JavaScript to accomplish this, there are existing client-side functions in the ASP.NET Ajax Library to facilitate communicating with the server-side AuthenticationService service.

To use the ASP.NET Ajax Library to interface with the AuthenticationService service in ASP.NET MVC applications you need to include the MicrosoftAjax.js and MicrosoftAjaxApplicationServices.js script files, which you can download (or link to) from and You also need to explicitly set the Sys.Services._AuthenticationService.DefaultWebServicePath property to the URL of the server-side AuthenticationService service, Authentication_JSON_AppService.axd. (See line 13 in the ~/Views/Shared/_Layout.cshtml file.)

To the ASP.NET Ajax Library to interface with the AuthenticationService service in ASP.NET WebForms applications, simply add a ScriptManager control to your master page. The ScriptManager automatically includes the necessary script files and assigns the Sys.Services._AuthenticationService.DefaultWebServicePath property for you. (Alternatively, you could bypass adding a ScriptManager control and manually add the necessary script files and script code like with an ASP.NET MVC application.)

View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-07-12 11:07:27 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search